auth.php

   1 <?php
   2
   3 require_once 'db.php';
   4
   5 function check_auth() {
   6   if (!isset($_SERVER['PHP_AUTH_USER'])) {
   7     header('WWW-Authenticate: Basic realm="My Realm"');
   8     header('HTTP/1.0 401 Unauthorized');
   9     die("You hit cancel");
  10   }
  11   $db = get_db();
  12   $authStmt = $db->prepare('select count(*) as count, username from users where username = :username AND password = :password;');
  13   $authStmt->bindValue(':username', $_SERVER['PHP_AUTH_USER']);
  14   $authStmt->bindValue(':password', $_SERVER['PHP_AUTH_PW']);
  15   $result = $authStmt->execute();
  16   if ($result->fetchArray()[0] != 1) {
  17     unauthorized_die();
  18   }
  19   return $_SERVER['PHP_AUTH_USER'];
  20 }
  21
  22 function unauthorized_die() {
  23   header('Location: unauthorized.php');
  24   die('Unauthorized');
  25 }
  26